/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/mandos-client.xml

  • Committer: Teddy Hogeborn
  • Date: 2008-09-26 04:54:35 UTC
  • Revision ID: teddy@fukt.bsnet.se-20080926045435-0thnnqops1kzclag
* debian/mandos-client.postinst: Change home directory to
                                 "/nonexistent".
* debian/mandos.postinst: - '' -

* plugin-runner.c (main): Bug fix: Block signals while modifying
                          "plugin_list".

* plugins.d/usplash.c (usplash_write): New function.
  (main): Use "usplash_write" to write "INPUTQUIET" command.  Also
          write "TIMEOUT 0" before it, and write "TIMEOUT 15" and
          "PULSATE" if starting a new usplash process.  Kill old
          usplash before forking.  Bug fix: do setuid(geteuid()) to
          preserve genuine rootness.  Better interrupted/error logic
          overall.

* debian/mandos-client.lintian-overrides: Ignore setuid
                                          "plugins.d/usplash".

Show diffs side-by-side

added added

removed removed

Lines of Context:
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY VERSION "1.0">
5
5
<!ENTITY COMMANDNAME "mandos-client">
6
 
<!ENTITY TIMESTAMP "2008-09-30">
 
6
<!ENTITY TIMESTAMP "2008-09-12">
7
7
]>
8
8
 
9
9
<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
449
449
      The only remaining weak point is that someone with physical
450
450
      access to the client hard drive might turn off the client
451
451
      computer, read the OpenPGP keys directly from the hard drive,
452
 
      and communicate with the server.  To safeguard against this, the
453
 
      server is supposed to notice the client disappearing and stop
454
 
      giving out the encrypted data.  Therefore, it is important to
455
 
      set the timeout and checker interval values tightly on the
456
 
      server.  See <citerefentry><refentrytitle
 
452
      and communicate with the server.  The defense against this is
 
453
      that the server is supposed to notice the client disappearing
 
454
      and will stop giving out the encrypted data.  Therefore, it is
 
455
      important to set the timeout and checker interval values tightly
 
456
      on the server.  See <citerefentry><refentrytitle
457
457
      >mandos</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
458
458
    </para>
459
459
    <para>